Re: [gentoo-user] Restrict certain web users by IP
On 11/28/12 20:10, Grant wrote: I use apache2 authentication for web users and I would like to require logins from certain users to be from a certain IP address. I experimented with Allow and Require but couldn't find a way to restrict only certain users. Can this be done via apache2 authentication or should I use another method? - Grant very simple via .htaccess Limit GET POST order deny,allow deny from all allow from IP_address /Limit AuthName restricted stuff AuthType Basic AuthUserFile /etc/apache2/users require user webmaster I think that will require any usernames specified to come from IP_address. I'm trying to allow certain usernames to come from any IP, and restrict other usernames to a certain IP. Can that be done via .htaccess? - Grant You originally wanted ...logins from certain users to be from a certain IP address Now, you want from any IP In this case just restrict users with: AuthName restricted stuff AuthType Basic AuthUserFile /etc/apache2/users require user webmaster Just assign password and user from root: # htpasswd2 -c /etc/apache2/users your-user-name -- Joseph
[gentoo-user] serial in /sys
Anyone knows how to dig into /sys to find the serial number of a device (say, a USB pen)? I few days ago I found by trial and error something like $ cat /sys/devices/pci:00/:00:06.1/usb2/2-4/2-4:1.0/host13/target13:0:0/13:0:0:0/block/sdc/../../../../../serial which gave me E68911000519 Now I can't find nothing of the sort. (Yes, I know the path changes each time the device is plugged in, but even so) Any information that would put some order into this mess would be great. TIA Joreg Almeida
Re: [gentoo-user] serial in /sys
2012/11/29 Jorge Almeida jjalme...@gmail.com Anyone knows how to dig into /sys to find the serial number of a device (say, a USB pen)? I few days ago I found by trial and error something like $ cat /sys/devices/pci:00/:00:06.1/usb2/2-4/2-4:1.0/host13/target13:0:0/13:0:0:0/block/sdc/../../../../../serial which gave me E68911000519 Now I can't find nothing of the sort. (Yes, I know the path changes each time the device is plugged in, but even so) Any information that would put some order into this mess would be great. TIA Joreg Almeida If by serial you mean UUID I personally use ls -l /dev/disk/by-uuid/ Marco Bonfiglio
Re: [gentoo-user] serial in /sys
On Thu, Nov 29, 2012 at 6:35 PM, Marco Bonfiglio marco.bonfig...@gmail.com wrote: 2012/11/29 Jorge Almeida jjalme...@gmail.com Anyone knows how to dig into /sys to find the serial number of a device (say, a USB pen)? I few days ago I found by trial and error something like $ cat /sys/devices/pci:00/:00:06.1/usb2/2-4/2-4:1.0/host13/target13:0:0/13:0:0:0/block/sdc/../../../../../serial which gave me E68911000519 Now I can't find nothing of the sort. (Yes, I know the path changes each time the device is plugged in, but even so) Any information that would put some order into this mess would be great. TIA Joreg Almeida If by serial you mean UUID I personally use ls -l /dev/disk/by-uuid/ It is not the same thing, but anyway I have in /dev/disk/by-id/ a symlink usb-silicon_-power_E68911000519-0:0 - ../../sdd This is indeed the device I meant, and the serial number is the E68911000519 substring. But this symlink exists because udev created it. I need to somehow dig it out of /sys, not out of /dev. IOW, how did udev retrieved the information to create the symlink? The values of ../by-uuid/ would probably be equally good, but I don't know how to find them any more than I know how to find the serials... Thanks J.A.
Re: [gentoo-user] serial in /sys
On Thu, Nov 29, 2012 at 05:57:46PM +, Jorge Almeida wrote: Anyone knows how to dig into /sys to find the serial number of a device (say, a USB pen)? I few days ago I found by trial and error something like $ cat /sys/devices/pci:00/:00:06.1/usb2/2-4/2-4:1.0/host13/target13:0:0/13:0:0:0/block/sdc/../../../../../serial which gave me E68911000519 Now I can't find nothing of the sort. (Yes, I know the path changes each time the device is plugged in, but even so) Any information that would put some order into this mess would be great. TIA Joreg Almeida Why not look in dmesg output: [871998.865035] usb 2-5: new high speed USB device number 4 using ehci_hcd [871998.986925] usb 2-5: New USB device found, idVendor=13fe, idProduct=3600 [871998.986928] usb 2-5: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [871998.986930] usb 2-5: Product: patriot memory [871998.986931] usb 2-5: Manufacturer: [871998.986932] usb 2-5: SerialNumber: 07B20F01654F84B8 [871998.987237] usb-storage 2-5:1.0: Quirks match for vid 13fe pid 3600: 4000 [871998.987257] scsi15 : usb-storage 2-5:1.0 [872000.021585] scsi 15:0:0:0: Direct-Access patriot memory PMAP PQ: 0 ANSI: 0 CCS [872000.021983] sd 15:0:0:0: Attached scsi generic sg4 type 0 [872001.831285] sd 15:0:0:0: [sdd] 7811072 512-byte logical blocks: (3.99 GB/3.72 GiB) [872001.831776] sd 15:0:0:0: [sdd] Write Protect is off [872001.831779] sd 15:0:0:0: [sdd] Mode Sense: 23 00 00 00 [872001.832263] sd 15:0:0:0: [sdd] No Caching mode page present [872001.832265] sd 15:0:0:0: [sdd] Assuming drive cache: write through [872001.836389] sd 15:0:0:0: [sdd] No Caching mode page present [872001.836392] sd 15:0:0:0: [sdd] Assuming drive cache: write through [872001.870531] sdd: sdd1 [872001.873413] sd 15:0:0:0: [sdd] No Caching mode page present [872001.873415] sd 15:0:0:0: [sdd] Assuming drive cache: write through [872001.873417] sd 15:0:0:0: [sdd] Attached SCSI removable disk -- Happy Penguin Computers ') 126 Fenco Drive ( \ Tupelo, MS 38801 ^^ supp...@happypenguincomputers.com 662-269-2706 662-205-6424 http://happypenguincomputers.com/ Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting
Re: [gentoo-user] serial in /sys
On Thu, Nov 29, 2012 at 7:20 PM, Bruce Hill da...@happypenguincomputers.com wrote: On Thu, Nov 29, 2012 at 05:57:46PM +, Jorge Almeida wrote: Anyone knows how to dig into /sys to find the serial number of a device (say, a USB pen)? I few days ago I found by trial and error something like $ cat /sys/devices/pci:00/:00:06.1/usb2/2-4/2-4:1.0/host13/target13:0:0/13:0:0:0/block/sdc/../../../../../serial which gave me E68911000519 Now I can't find nothing of the sort. (Yes, I know the path changes each time the device is plugged in, but even so) Any information that would put some order into this mess would be great. TIA Joreg Almeida Why not look in dmesg output: It is a matter of programming, not looking. I need a program that creates the symlink when the device is plugged in. Think mdev (more precisely, a complement to mdev that would take care of a few particular devices, to allow using fstab to mount them in chosen mountpoints, and then leave the rest to mdev). Thanks J.A.
Re: [gentoo-user] Restrict certain web users by IP
I use apache2 authentication for web users and I would like to require logins from certain users to be from a certain IP address. I experimented with Allow and Require but couldn't find a way to restrict only certain users. Can this be done via apache2 authentication or should I use another method? - Grant very simple via .htaccess Limit GET POST order deny,allow deny from all allow from IP_address /Limit AuthName restricted stuff AuthType Basic AuthUserFile /etc/apache2/users require user webmaster I think that will require any usernames specified to come from IP_address. I'm trying to allow certain usernames to come from any IP, and restrict other usernames to a certain IP. Can that be done via .htaccess? - Grant You originally wanted ...logins from certain users to be from a certain IP address Now, you want from any IP In this case just restrict users with: AuthName restricted stuff AuthType Basic AuthUserFile /etc/apache2/users require user webmaster Just assign password and user from root: # htpasswd2 -c /etc/apache2/users your-user-name I'm sorry I haven't been clear about this. Sometimes an example is the best way. I want users jack and jill to be able to access the web content from any IP address, and I want users john and jacob to be able to access the web content only if they are coming from a certain IP address. I don't want anyone else to have access. - Grant
Re: [gentoo-user] serial in /sys
On Thu, Nov 29, 2012 at 07:31:10PM +, Jorge Almeida wrote: It is a matter of programming, not looking. I need a program that creates the symlink when the device is plugged in. Think mdev (more precisely, a complement to mdev that would take care of a few particular devices, to allow using fstab to mount them in chosen mountpoints, and then leave the rest to mdev). Have you considered sys-apps/uam ? -- Happy Penguin Computers ') 126 Fenco Drive ( \ Tupelo, MS 38801 ^^ supp...@happypenguincomputers.com 662-269-2706 662-205-6424 http://happypenguincomputers.com/ Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting
[gentoo-user] External monitor is stretched 4:3
I've connected my laptop to a lot of HDTV's and whenever I switch the output to display on both screens, black bars appear on the left and right of my laptop screen so it displays at 4:3, and the HDTV output is 16:9 but looks horizontally stretched. Does anyone know how to keep the output at 16:9 on both screens? - Grant
Re: [gentoo-user] Restrict certain web users by IP
On Thu, 29 Nov 2012 11:55:17 -0800 Grant emailgr...@gmail.com wrote: I use apache2 authentication for web users and I would like to require logins from certain users to be from a certain IP address. I experimented with Allow and Require but couldn't find a way to restrict only certain users. Can this be done via apache2 authentication or should I use another method? - Grant very simple via .htaccess Limit GET POST order deny,allow deny from all allow from IP_address /Limit AuthName restricted stuff AuthType Basic AuthUserFile /etc/apache2/users require user webmaster I think that will require any usernames specified to come from IP_address. I'm trying to allow certain usernames to come from any IP, and restrict other usernames to a certain IP. Can that be done via .htaccess? - Grant You originally wanted ...logins from certain users to be from a certain IP address Now, you want from any IP In this case just restrict users with: AuthName restricted stuff AuthType Basic AuthUserFile /etc/apache2/users require user webmaster Just assign password and user from root: # htpasswd2 -c /etc/apache2/users your-user-name I'm sorry I haven't been clear about this. Sometimes an example is the best way. I want users jack and jill to be able to access the web content from any IP address, and I want users john and jacob to be able to access the web content only if they are coming from a certain IP address. I don't want anyone else to have access. - Grant Run two vhosts that deliver the same content from the same DocumentRoot One has jack and jill as users in htpasswd with no acls in place The other has john and jacob as users in a different htpasswd with IP acls in place Trying to specify access rules to a group of users and not to other users all in the same context is a problem that will drive you nuts in a day. Rather side-step it entirely by applying your rules globaly to two different things. -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] Restrict certain web users by IP
On 11/29/12 11:55, Grant wrote: You originally wanted ...logins from certain users to be from a certain IP address Now, you want from any IP In this case just restrict users with: AuthName restricted stuff AuthType Basic AuthUserFile /etc/apache2/users require user webmaster Just assign password and user from root: # htpasswd2 -c /etc/apache2/users your-user-name I'm sorry I haven't been clear about this. Sometimes an example is the best way. I want users jack and jill to be able to access the web content from any IP address, and I want users john and jacob to be able to access the web content only if they are coming from a certain IP address. I don't want anyone else to have access. - Grant For this I think you need to use IPtables, apache will not filter outgoing traffic. -- Joseph
Re: [gentoo-user] serial in /sys
On Thu, Nov 29, 2012 at 8:20 PM, Bruce Hill da...@happypenguincomputers.com wrote: On Thu, Nov 29, 2012 at 07:31:10PM +, Jorge Almeida wrote: It is a matter of programming, not looking. I need a program that creates the symlink when the device is plugged in. Think mdev (more precisely, a complement to mdev that would take care of a few particular devices, to allow using fstab to mount them in chosen mountpoints, and then leave the rest to mdev). Have you considered sys-apps/uam ? -- Didn't know about it. But it doesn't look promising. It requires udev (which by itself would do what I want) and it's oriented towards automounting, which I don't need nor want. Thanks, J.A.
[gentoo-user] Google Chrome leftovers
Hi, I've sort of decided I like Chrome's UI better than others that I've spent time with (mostly Firefox Konqueror) but I'm constantly held up by leftover processes when Chrome is closed: mark@c2stable ~ $ ps aux | grep chrome mark 3206 0.0 0.0 292448 16064 ?S06:32 0:01 /opt/google/chrome/chrome --extra-plugin-dir=/usr/lib64/nsbrowser/plugins mark 3207 0.0 0.0 6376 380 ?S06:32 0:00 /opt/google/chrome/chrome-sandbox /opt/google/chrome/chrome --type=zygote mark 3208 0.0 0.1 332364 40784 ?S06:32 0:00 /opt/google/chrome/chrome --type=zygote mark 3212 0.0 0.0 189608 23336 ?S06:32 0:00 /opt/google/chrome/nacl_helper_bootstrap /opt/google/chrome/nacl_helper --reserved_at_zero=0x --r_debug=0x00213000 mark 3216 0.0 0.0 365148 15552 ?S06:32 0:00 /opt/google/chrome/chrome --type=zygote mark 24747 0.0 0.0 8596 904 pts/4S+ 13:05 0:00 grep --colour=auto chrome mark 27655 0.0 0.4 657892 114500 ? S07:31 0:01 /opt/google/chrome/chrome --extra-plugin-dir=/usr/lib64/nsbrowser/plugins mark@c2stable ~ $ In this case if I start Chrome again I don't get any bookmarks. I have to kill all Chrome process id by hand and restart Chrome to get my bookmarks. Anyone else experiencing this sort of problem? Machines are 64-bit mostly stable. Clearly Chrome itself is testing so maybe this is early days? mark@c2stable ~ $ eix -Ic chrome [I] www-client/google-chrome (24.0.1312.25_beta169562(beta){tbz2}@11/28/2012): The web browser from Google mark@c2stable ~ $ Also, is anyone successfully using GoogleTalk in Chrome on Gentoo? Thanks, Mark
Re: [gentoo-user] serial in /sys
The values of ../by-uuid/ would probably be equally good, but I don't know how to find them any more than I know how to find the serials... I use my own automounter scripts and udev with nice static mountpoints from when udisks threw lots away for a while in favour of multiseat. A recurring theme it seems!!! Incidentally I think I'm having issues accesing a dvd from a chroot due to udisks and possibly due to not following the 'everythings a file' mantra as thoggen falls back to /dev/dvd just fine and k9copy works only in folder mode. Does blkid -U work for you? -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) ___
Re: [gentoo-user] Google Chrome leftovers
On Thu, 29 Nov 2012 16:12:16 -0500, Mark Knecht markkne...@gmail.com wrote: Also, is anyone successfully using GoogleTalk in Chrome on Gentoo? Yeah, it works for me: $ equery list google-chrome google-talkplugin * Searching for google-chrome ... [IP-] [ ] www-client/google-chrome-22.0.1229.94_p161065:stable * Searching for google-talkplugin ... [I--] [??] www-plugins/google-talkplugin-2.1.7.0:0 Strangely, I noticed that I've got those weird ??'s on the google-talkplugin package, which I guess means that I'm using a version that has been removed from Portage. I see that 3.7.1.0 and 3.9.1.0 are available in /usr/portage/www-plugins/google-talkplugin/, so perhaps I should upgrade to one of those. Are they not working for you? -- R
Re: [gentoo-user] serial in /sys
On Thu, Nov 29, 2012 at 07:31:10PM +, Jorge Almeida wrote It is a matter of programming, not looking. I need a program that creates the symlink when the device is plugged in. Think mdev (more precisely, a complement to mdev that would take care of a few particular devices, to allow using fstab to mount them in chosen mountpoints, and then leave the rest to mdev). I have a couple of scripts that automount USB devices under mdev. See https://wiki.gentoo.org/wiki/Mdev for the general setup, and https://wiki.gentoo.org/wiki/Mdev/Automount_USB and https://wiki.gentoo.org/wiki/Mdev/Automount_USB/automount Once set up, it just works. If you want to go spelunking through /sys for connected USB devices, here are a few hints. I currently have connected to my machine... * a Dell keyboard * a Logitech trackball mouse * an external USB hard drive * 2 USB keys The output below shows that not every USB device has a serial number, and the Patriot Memory key has a serial number but no manufacturer... [d531][waltdnes][~] find /sys/devices/pci0* -name serial | xargs cat :00:1a.0 :00:1a.1 :00:1a.2 :00:1a.7 :00:1d.0 :00:1d.1 :00:1d.2 :00:1d.7 00070493 078215B00E5C 574341565530313435313431 [d531][waltdnes][~] find /sys/devices/pci0* -name manufacturer | xargs cat Linux 3.3.8-gentoo uhci_hcd Linux 3.3.8-gentoo uhci_hcd Dell Linux 3.3.8-gentoo uhci_hcd Logitech Linux 3.3.8-gentoo ehci_hcd Linux 3.3.8-gentoo uhci_hcd Linux 3.3.8-gentoo uhci_hcd Linux 3.3.8-gentoo uhci_hcd Linux 3.3.8-gentoo ehci_hcd SanDisk Corporation Western Digital [d531][waltdnes][~] find /sys/devices/pci0* -name product | xargs cat UHCI Host Controller UHCI Host Controller Dell USB Keyboard 2003 UHCI Host Controller Trackball c404 EHCI Host Controller UHCI Host Controller UHCI Host Controller UHCI Host Controller EHCI Host Controller Cruzer Titanium Patriot Memory My Book 1110 -- Walter Dnes waltd...@waltdnes.org We are apparently better off trying to avoid udev like the plague. Linus Torvalds; 2012/10/03 https://lkml.org/lkml/2012/10/3/349
Re: [gentoo-user] Google Chrome leftovers
On Thu, Nov 29, 2012 at 2:17 PM, Randy Barlow ra...@electronsweatshop.com wrote: On Thu, 29 Nov 2012 16:12:16 -0500, Mark Knecht markkne...@gmail.com wrote: Also, is anyone successfully using GoogleTalk in Chrome on Gentoo? Yeah, it works for me: $ equery list google-chrome google-talkplugin * Searching for google-chrome ... [IP-] [ ] www-client/google-chrome-22.0.1229.94_p161065:stable * Searching for google-talkplugin ... [I--] [??] www-plugins/google-talkplugin-2.1.7.0:0 Strangely, I noticed that I've got those weird ??'s on the google-talkplugin package, which I guess means that I'm using a version that has been removed from Portage. I see that 3.7.1.0 and 3.9.1.0 are available in /usr/portage/www-plugins/google-talkplugin/, so perhaps I should upgrade to one of those. Are they not working for you? -- R Thanks for the info. Actually I haven't tried any version yet. I was just curious about finding some app that might receive text message sent from a cell phone. I.e. - instead of giving my cell phone number which I'd rather keep private I might give a Google-Talk phone number and receive the messages at my desk. I think this can be done with Skype but you have to buy a phone number from them. It seems to me that Google gives theirs out for free, at least right now. I believe you are correct about the ?? versions. They aren't in portage here. Thanks again, Mark
Re: [gentoo-user] Restrict certain web users by IP
I want users jack and jill to be able to access the web content from any IP address, and I want users john and jacob to be able to access the web content only if they are coming from a certain IP address. I don't want anyone else to have access. - Grant Run two vhosts that deliver the same content from the same DocumentRoot One has jack and jill as users in htpasswd with no acls in place The other has john and jacob as users in a different htpasswd with IP acls in place Trying to specify access rules to a group of users and not to other users all in the same context is a problem that will drive you nuts in a day. Rather side-step it entirely by applying your rules globaly to two different things. So I'm sure I understand, if I want to keep the IP address which accesses the web content the same, this means setting up a vhost for a port other than 80 and 443 which the other vhosts are already set up on? - Grant
Re: [gentoo-user] Google Chrome leftovers
On Thu, Nov 29, 2012 at 02:38:48PM -0800, Mark Knecht wrote: Thanks for the info. Actually I haven't tried any version yet. I was just curious about finding some app that might receive text message sent from a cell phone. I.e. - instead of giving my cell phone number which I'd rather keep private I might give a Google-Talk phone number and receive the messages at my desk. I think this can be done with Skype but you have to buy a phone number from them. It seems to me that Google gives theirs out for free, at least right now. I believe you are correct about the ?? versions. They aren't in portage here. Thanks again, Mark There is a service called Google Voice. You get a phone number from them and can forward it to another phone. Also, it will send voice messages to your Google mail account, and even translate them (not well) to text. It will also send text messages. This was the number I put on my business cards (it's in my sig) so that I could receive calls to my cell number w/out actually giving it out. When someone calls 662-205-6424 it tells me I have a call from (and I assume they're asked to give their name), press 1 to accept. If I don't want to talk to them at that time, I don't answer, and they're routed to the voice mail. If they leave a message, it's sent to my Google account as a sound file and translated to text. That's the gist of it... When my one-year with this Android phone is up in Dec, we're getting iPhones and also canceling all the Google accounts and services. We don't agree with the new privacy policies they released March 1, 2012. Google was not a favorite before then, actually. But if we didn't keep the Google account we couldn't get updates to the Android phone. Which, by the way, is a piece of junk (Samsung Galaxy S). Android OS is basically Googles *borrowing* from Linux and OSS over the years, and they've done an amazingly poor job of it. Be that as it may ... Google Voice has been nice. If some sane and responsible party who valued privacy and freedom as we do had a similar service, we'd be interested. -- Happy Penguin Computers ') 126 Fenco Drive ( \ Tupelo, MS 38801 ^^ supp...@happypenguincomputers.com 662-269-2706 662-205-6424 http://happypenguincomputers.com/ Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting
Re: [gentoo-user] serial in /sys
On Thu, Nov 29, 2012 at 10:35 PM, Walter Dnes waltd...@waltdnes.org wrote: On Thu, Nov 29, 2012 at 07:31:10PM +, Jorge Almeida wrote I have a couple of scripts that automount USB devices under mdev. See https://wiki.gentoo.org/wiki/Mdev for the general setup, and https://wiki.gentoo.org/wiki/Mdev/Automount_USB and https://wiki.gentoo.org/wiki/Mdev/Automount_USB/automount I don't care for automounting, I just want customized symlinks. Using fstab is not a second choice, it is how I want it. The output below shows that not every USB device has a serial number, and the Patriot Memory key has a serial number but no manufacturer... [d531][waltdnes][~] find /sys/devices/pci0* -name serial | xargs cat OK. I found that my pens have serial numbers. I setup /proc/sys/kernel/hotplug with a script that prints the environment. When a pen is inserted, this is what is set: ACTION=add DEVPATH=/devices/pci:00/:00:04.1/usb1/1-4/1-4:1.0/host12/target12:0:0/12:0:0:0/block/sdd SUBSYSTEM=block MAJOR=8 MINOR=48 DEVNAME=sdd DEVTYPE=disk SEQNUM=1750 Following your suggestion: # find /sys/devices/pci0* -name serial /sys/devices/pci:00/:00:04.0/usb5/serial /sys/devices/pci:00/:00:04.1/usb1/1-4/serial /sys/devices/pci:00/:00:04.1/usb1/serial /sys/devices/pci:00/:00:06.0/usb6/serial /sys/devices/pci:00/:00:06.1/usb3/3-4/serial /sys/devices/pci:00/:00:06.1/usb3/serial /sys/devices/pci:00/:00:0c.0/:02:00.0/:03:01.0/:04:00.0/usb2/serial /sys/devices/pci:00/:00:0c.0/:02:00.0/:03:01.0/:04:00.0/usb4/serial # cat /sys/devices/pci:00/:00:04.1/usb1/1-4/serial AA04012700011287 So, the serial number is here. To retrieve it out of $DEVPATH, I can do (in this case, at least!): # cat /sys/devices/pci:00/:00:04.1/usb1/1-4/1-4:1.0/host12/target12:0:0/12:0:0:0/block/sdd/../../../../../../serial AA04012700011287 I'm assuming that this scenario is consistent for usb pen drives. I'll think of external hard disks next... BTW, the idea behind this is: -- have s6-devd listen to the netlink interface (http://www.skarnet.org/software/s6-linux-utils/s6-devd.html) -- when a device is inserted, s6-devd launches a program that tries to obtain the serial number, uses it as key to seek a string some_name in a constant database, and creates the symlink /dev/some_name -- $DEVNAME. On failure, exec mdev with the environment passed by the kernel. I'm supposing that the environment on netlink is the same as with the hotplug mechanism. Would this be true? I would be interested in hearing any comments... Thanks Joreg Almeida -- Walter Dnes waltd...@waltdnes.org We are apparently better off trying to avoid udev like the plague. Precisely. Linus Torvalds; 2012/10/03 https://lkml.org/lkml/2012/10/3/349
Re: [gentoo-user] Restrict certain web users by IP
So I'm sure I understand, if I want to keep the IP address which accesses the web content the same, this means setting up a vhost for a port other than 80 and 443 which the other vhosts are already set up on? No, vhosts can use http host headers, so you just need a second dns entry pointing to the same ip address. The browser will include the hostname in its request and apache will use it to decide which content to serve.
Re: [gentoo-user] serial in /sys
If you are looking for the serial number of a usb device, I find them at: /sys/bus/usb/devices/usb*/*/serial NB that not all have them. -JimC -- James Cloos cl...@jhcloos.com OpenPGP: 1024D/ED7DAEA6
Re: [gentoo-user] Restrict certain web users by IP
On 11/29/2012 03:43 PM, Alan McKinnon wrote: Run two vhosts that deliver the same content from the same DocumentRoot One has jack and jill as users in htpasswd with no acls in place The other has john and jacob as users in a different htpasswd with IP acls in place Trying to specify access rules to a group of users and not to other users all in the same context is a problem that will drive you nuts in a day. Rather side-step it entirely by applying your rules globaly to two different things. You can probably accomplish the same with path aliases and Location restrictions. Untested: Alias /jackjill /var/www/your-stuff Alias /johnjacob /var/www/your-stuff Location /jackjill AuthType Basic AuthName Restricted AuthUserFile /var/www/jackjill.passwd Require valid-user Allow from jack-ip Allow from jill-ip Deny from all /Location Location /johnjacob AuthType Basic AuthName Restricted AuthUserFile /var/www/johnjacob.passwd Require valid-user /Location I tried to come up with a less stupid way; I don't think there is one.
Re: [gentoo-user] Google Chrome leftovers
On Thu, Nov 29, 2012 at 3:47 PM, Bruce Hill da...@happypenguincomputers.com wrote: On Thu, Nov 29, 2012 at 02:38:48PM -0800, Mark Knecht wrote: Thanks for the info. Actually I haven't tried any version yet. I was just curious about finding some app that might receive text message sent from a cell phone. I.e. - instead of giving my cell phone number which I'd rather keep private I might give a Google-Talk phone number and receive the messages at my desk. I think this can be done with Skype but you have to buy a phone number from them. It seems to me that Google gives theirs out for free, at least right now. I believe you are correct about the ?? versions. They aren't in portage here. Thanks again, Mark There is a service called Google Voice. You get a phone number from them and can forward it to another phone. Also, it will send voice messages to your Google mail account, and even translate them (not well) to text. It will also send text messages. This was the number I put on my business cards (it's in my sig) so that I could receive calls to my cell number w/out actually giving it out. When someone calls 662-205-6424 it tells me I have a call from (and I assume they're asked to give their name), press 1 to accept. If I don't want to talk to them at that time, I don't answer, and they're routed to the voice mail. If they leave a message, it's sent to my Google account as a sound file and translated to text. That's the gist of it... When my one-year with this Android phone is up in Dec, we're getting iPhones and also canceling all the Google accounts and services. We don't agree with the new privacy policies they released March 1, 2012. Google was not a favorite before then, actually. But if we didn't keep the Google account we couldn't get updates to the Android phone. Which, by the way, is a piece of junk (Samsung Galaxy S). Android OS is basically Googles *borrowing* from Linux and OSS over the years, and they've done an amazingly poor job of it. Be that as it may ... Google Voice has been nice. If some sane and responsible party who valued privacy and freedom as we do had a similar service, we'd be interested. -- Happy Penguin Computers ') 126 Fenco Drive ( \ Tupelo, MS 38801 ^^ supp...@happypenguincomputers.com 662-269-2706 662-205-6424 http://happypenguincomputers.com/ Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting Bruce, As my interest (at this time, today only) is text message, does the Google Voice service accept text messages like a cell phone would or is it purely a voice service like a land line? Thanks, Mark
Re: [gentoo-user] Google Chrome leftovers
On Thu, 29 Nov 2012 20:06:26 -0500, Mark Knecht markkne...@gmail.com wrote: As my interest (at this time, today only) is text message, does the Google Voice service accept text messages like a cell phone would or is it purely a voice service like a land line? It accepts them like a cell phone, and there is a web interface as well as an Android app to use it. -- R
Re: [gentoo-user] serial in /sys
On Fri, Nov 30, 2012 at 12:28:01AM +, Jorge Almeida wrote When a pen is inserted, this is what is set: ACTION=add DEVPATH=/devices/pci:00/:00:04.1/usb1/1-4/1-4:1.0/host12/target12:0:0/12:0:0:0/block/sdd SUBSYSTEM=block MAJOR=8 MINOR=48 DEVNAME=sdd DEVTYPE=disk SEQNUM=1750 [...deletia...] I'm supposing that the environment on netlink is the same as with the hotplug mechanism. Would this be true? This is almost exactly what I remember from when I was writing/testing/debugging my automount scripts. The one difference I remember is that when mdev handled it, there was no DEVNAME variable, but rather it was MDEV. But otherwise identical. Two important notes... 1) For a USB mass storage device (pen or external hard drive) with N partitions, the hotplug handler will get N+1 events when inserting and also when removing. E.g. if your pen drive has 3 partitions, you'll get 4 events... * one for /dev/sdd * one for /dev/sdd1 * one for /dev/sdd2 * one for /dev/sdd3 2) There is one exception to the above rule. Sometimes, Windows will format an entire pen as one large partition, without a partition table. This requires an ugly hack in my script. If DEVTYPE is disk, it checks for the string FAT in the first 512 bytes of the device (bleagh). Here's an excerpt from my script at https://wiki.gentoo.org/wiki/Mdev/Automount_USB/automount ## if [ X${ACTION} == Xadd ] ; then # # Flag for mounting if it's a regular partition if [ X${DEVTYPE} == Xpartition ] ; then partition=1 ; # # Further checks if DEVTYPE is disk; looking for weird setup where the # entire USB key is formatted as one partition, without the standard # partition table. elif [ X${DEVTYPE} == Xdisk ] ; then # # If it's disk, check for string FAT in first 512 bytes of device. # Flag as a partition if the string is found. if dd if=${MDEV} bs=512 count=1 2/dev/null | grep FAT 1/dev/null ; then partition=1 fi fi fi ## The important line is... if dd if=${MDEV} bs=512 count=1 2/dev/null | grep FAT 1/dev/null ; Would you be OK if the devices were always mounted in /media ? The reason I ask is that my scripts use pmount, which can take an optional label argument. E.g. if MDEV is sdd1 pmount --umask 007 --noatime /dev/${MDEV} would create /media/sdd1 pmount --umask 007 --noatime /dev/${MDEV} my_pendrive_1 would create /media/my_pendrive_1 I always wanted to add that functionality to the scripts, but never got around to it. BTW, the idea behind this is: -- have s6-devd listen to the netlink interface (http://www.skarnet.org/software/s6-linux-utils/s6-devd.html) -- when a device is inserted, s6-devd launches a program that tries to obtain the serial number, uses it as key to seek a string some_name in a constant database, and creates the symlink /dev/some_name -- $DEVNAME. On failure, exec mdev with the environment passed by the kernel. The way I'm thinking of doing it is to... * launch my script (with minor changes) * on an add action invoke your program to look for a match * if a match is found, use the optional label, otherwise use the default name in variable MDEV Actually, if I was writing it, I would add a few lines to my script for the add ACTION * label=${MDEV} * look for a serial file in the PCI path of the newly-inserted device * if found; then grep through a textfile to match the contents of the serial file if matched; then label=custom_name if [ ${#MDEV} -gt 3 ]; then label=${label}_${MDEV:3} fi fi fi pmount --umask 007 --noatime /dev/${MDEV} ${label} -- Walter Dnes waltd...@waltdnes.org We are apparently better off trying to avoid udev like the plague. Linus Torvalds; 2012/10/03 https://lkml.org/lkml/2012/10/3/349
Re: [gentoo-user] Restrict certain web users by IP
On Thu, 29 Nov 2012 15:36:51 -0800 Grant emailgr...@gmail.com wrote: I want users jack and jill to be able to access the web content from any IP address, and I want users john and jacob to be able to access the web content only if they are coming from a certain IP address. I don't want anyone else to have access. - Grant Run two vhosts that deliver the same content from the same DocumentRoot One has jack and jill as users in htpasswd with no acls in place The other has john and jacob as users in a different htpasswd with IP acls in place Trying to specify access rules to a group of users and not to other users all in the same context is a problem that will drive you nuts in a day. Rather side-step it entirely by applying your rules globaly to two different things. So I'm sure I understand, if I want to keep the IP address which accesses the web content the same, this means setting up a vhost for a port other than 80 and 443 which the other vhosts are already set up on? No need for that, use name-based vhosting: the same IP, port and Apache instance, with different names in DNS the return the same IP. Apache can tell them apart based on the site name in the HTTP request and keeps the config separate with the NameVirtualHost directive. I don't know what sort of scale you are working at, if it's two users or many more. I have to deal with the same sort of thing in a corporate setting (not necessarily web sites) often for 50 or more users and that's how I would do it. Just a tip though: many times when I ponder complex access control systems I find out at the end that I'm just being really silly and don't actually need it. If I can't trust a user to behave outside of office hours that often means I can't trust them at all and they get no access :-) By all means continue with your original post if that's what you need but in your shoes I'd first be proving to myself it really is what I need (rather than what I think I want) -- Alan McKinnon alan.mckin...@gmail.com